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PROVISIONAL SPECIFICATION 
for the invention entitled: 

"A Communications Network Access Method and System" 



The invention is described in the following statement: 
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A COMMUNICATIONS NETWORK ACCESS METHOD AND SYSTEM 



The present invention relates to a method and system for accessing a communications 
network, such as the Internet. 

5 

Most Internet users currently connect to the Internet via the equipment of an Internet 
service provider (ISP). The ISP provides remote access servers (RASs) which are able to 
communicate with remote computers of the users using modems and standard telephone lines. 
The remote computers and the RASs use standard software that executes a protocol, such as 

10 the point to point protocol (PPP), to allow the users to dial into the RASs and connect to the 
Internet. To achieve this, the connection or PPP software on the user's computer requires the 
user to enter unique authentication data, such as the user's login name and password, and this 
is transmitted to the ISP when the software dials and contacts to the ISP equipment. If the ISP 
equipment determines that the authentication data is valid, the user's computer is connected 

15 and the user is allowed uninhibited access to the Internet. The user is accordingly free to view 
any desired web pages using a web browser on the user's computer. 

The success of web sites on the Internet, particularly from a commercial perspective, 
is almost solely dependent on a site's ability to attract traffic to it. For this reason, a number 

20 of well known sites, such as Netscape's home page and the home pages of ISPs have been 
reconfigured to operate as communication "portals" to the Internet in the hope that users will 
continually revert to the sites to determine where to direct their browsers next. A number of 
sites have proved to be extremely lucrative, in the same manner as television stations which 
are able to attract large numbers of viewers. The current market value of companies such as 

25 Yahoo and Excite, which maintain high traffic volume sites, indicates how lucrative. As ISPs 
constitute a first point of connection for most Internet users, any steps or method which an 
ISP can implement to direct users to particular pages, rather than the user's own default home 
page, would be highly desirable. The present invention seeks to provide such method or at 
least provide a useful alternative. 

30 

In accordance with the present invention there is provided a communications network 
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access method, including: 

receiving a request from a computer device to connect to said network; 

connecting said computer device to said network in response to said request; 

sending login data to said computer device after said connecting step, said login data 
5 being adapted to generate a login display on said computer device allowing entry of unique 
authentication data by a user of said device; 

receiving said unique authentication data entered on the computer; and 

allowing said user to access said network using said computer device when said 
authentication data is validated. 

10 

Preferably said method includes accessing profile data for said user after said allowing 
step and controlling access to said network using said profile data. Advantageously, said 
method may include having a set of access profiles encoded in a switch, and said profile data 
accessed for said user represents one of said encoded profiles. 

15 

Advantageously, the login display may include advertising material and links to 
particular locations on the communications network. Advantageously, the communications 
network may be the Internet and said login data represents a login web page sent to said 
computer device after connecting to the network. Advantageously, said request receiving and 
20 connecting steps may be executed using standard communication protocols, such as PPP, and 
a modem of the computer device and a RAS of the network. Advantageously, the steps of the 
method may be executed by equipment of an ISP. 



The present invention also provides a communications network access system, 
25 including: 

means for receiving a request from a computer device to connect to said network and 
for connecting the computer device to the network in response to the request; 

means for sending login data to the computer device after it is connected to the 
network, said login data being adapted to generate a login display on the computer device 
30 which allows entry of unique authentication data by a user of the device; and 

means for receiving said unique authentication data entered by the user and for 
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allowing the user to access the network using the computer device on determining that the 
authentication data is valid. 

Advantageously, the receiving and connecting means may include a RAS. The sending 
5 means may include a web server, and the receiving and allowing means may include, the web 
server and a user database. 

The present invention also provides a communications network access method, 
including: 

10 sending a request from a computer device to connect to a communications network, 

and being connected to the network in response to the request; 
receiving login data after being connected; 

generating a login display on the computer device, based on the login data, said 
display allowing entry of unique authentication data; 
15 sending unique authentication data entered on the computer device to the network; and 

obtaining access to the network after said authentication data is validated. 

A preferred embodiment of the present invention is hereinafter described, by way of 
example only with reference to the accompanying drawings, wherein: 
20 Figure 1 is a block diagram of a preferred embodiment of a communications network 

access system; 

Figure 2 is a flow diagram of a preferred embodiment of a communications network 
access method; 

Figure 3 is a diagram of a login page of the system and method; and 
25 Figure 4 is a diagram of a customized home page of the system and method. 

A communications access system, as shown in Figure 1, includes a plurality of remote 
access servers (RASs) 4, a layer four switch 6, a member profile database 8, a web server 10 
and a router 12. The RASs 4 are provided to allow the computers 14 of remote users to dial 
30 into the system using standard telecommunication lines and modems and connect to the input 
ports of the RASs 4, respectively. On connection to a port of an RAS 4 the user's computer 
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14 establishes a unique TCP session and the IP traffic for that session is switched by the 
switch 6. Once the user is authenticated, as described below, the user's computer 14 is 
allowed to access requested data on the Internet 16. The web server 10 is used to present 
pages to a user 14 connected to an RAS 4 and the member profile database 8 is used in 
5 controlling authentication of the user and access to the Internet, as described below. As far 
as the user 14 is concerned, the equipment 4, 6, 8, 10 and 12 of the access system is part of 
the Internet. The equipment 4, 6, 8, 10 and 12 includes standard commercially available 
hardware and basic database, web server and Internet access software which is known to those 
skilled in the art and is used in the access systems of most ISPs. The layer four switch is the 

10 exception, and if used by an ISP, is normally used to balance the traffic handled by the RASs 
4. An example of a suitable layer four switch is the Cache Director ™ produced by Alteon 
WebSystems Inc. The access system differs from that offered by ISPs, as described below, 
in that the layer four switch 6 is used to connect users to the web server 10 and then control 
access to the Internet 16 for the users 14 on the basis of a limited number of access profiles 

15 encoded in the switch 6. 

When a user 14 wishes to connect to the Internet using the access system, the user 14 
simply dials into the system using standard PPP software, at step 22 of the access procedure 
20 shown in Figure 2. The RASs 4 and the layer four switch 6 however do not require the 

20 user 14 to enter any username or password when using the PPP software in order to connect 
to the system. The user is automatically connected, and a TCP session established, when the 
user dials into a port of an RAS 4, without any authentication. The system informs the user's 
computer 14 of the connection and the PPP software will display for the user the fact that the 
connection has been established and any other details associated with the connection, such as 

25 the data rate. 

Once the user is connected to the access system the switch 6 determines whether the 
user's machine 14 is requesting connection to another computer on the Internet 16, at step 24. 
The request for example, may be simply to the user's default home page when the user opens 
30 a web browser of the computer 14. The switch 6 then determines, at step 26 by checking a 
stored flag, whether the user has been authenticated. If not, the switch 6 connects the user 14 
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directly to the web server 10. The web server 10 executes a login process 28 which involves 
sending the web pages shown in Figures 3 and 4 to the user 14. The login page shown in 
Figure 3 is sent first to the user 14. The page presents the user with a number of options, 
which includes executing a registration process to become a new registered user, entering a 
5 username and password if already registered, or accessing help pages stored on the server 10. 
The page also includes a number of banner advertisements which may include links to other 
pages or web sites. To gain general access to the Internet 16 however, the user must enter a 
valid username and password combination which is authenticated by the server 10. The login 
page allows the user to enter a username and password combination and then send the 

10 combination for authentication to the server 10 by clicking on the "sign in" button. 
Alternatively the combination may already be stored on the computer 14 by the user. The 
server 10 checks the combination and if valid, identifies the user and accesses a unique 
member profile for the user from the database 8. The member profile contains details 
concerning the user and customized home page data which allows the server to then compile 

15 and send a customized home page, as shown in Figure 4, to the user 14 on successfully 
completing the login process 28. The customized home page may also include banner 
advertisements, in the same manner as for the login page. The login and authentication 
process is therefore managed using the web browser of the user's machine 14, rather than the 
PPP software. 

20 

The member profile also specifies which one of a limited number of access profiles 
the user belongs to. The different access profiles are encoded in the layer four switch 6, and 
on authentication of a TCP session managed by the switch, a data value is stored indicating 
for the switch 6 which of the access profiles the session belongs to. The number of access 

25 profiles may be only, for example, four and each contains a list of IP addresses which can or 
cannot be accessed for a session. Accordingly, once the user reverts to step 24 and is 
determined at step 26 as having been authenticated, the switch 6 determines at step 30, on the 
basis of the access profile for the session, whether the user is allowed to access a requested 
computer or service. If so, the user is granted access to the computer or service on the 

30 Internet 16 at step 32. If not, the user 14 is advised at step 34 of the access denial. The access 
denial can be communicated by connecting the user to a denial page of the server 10. 
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The access method and system are particularly advantageous as they allow ISPs, at 
least initially, to control the pages viewed by a user. As a minimum, the user must, and 
cannot avoid, viewing the login and customized home pages, as these are an integral part of 
the login process. This allows the ISP to present advertising information, and in particular 
5 present target advertising information based on the user's profile, which the ISP can guarantee 
that all of its users will not be able to avoid. The login and customized home pages therefore 
act as an entry portal for all users. 

By allowing all users to directly connect to the system, including users which are not 
10 registered, the ISP is able to present and provide free access to selected Internet content and 
services via the login page. For example, the login page may include links to certain web 
pages that provide banking, stock trading or home shopping, and the user will not have to pay 
any fees to the ISP to access these pages. This allows the ISP to act as a free content provider 
for certain content, whilst charging a user to access other data on the Internet. To provide 
15 information to advertisers associated with the free content, the ISP can, if desired, still require 
and obtain certain information on and from users before providing the free content. 

Encoding the access profiles in the switch 6 also allows the ISP to restrict or allow 
access to selected content or services on the Internet, such as sports betting, adult orientated 
20 content or children's content. 

Many modifications will be apparent for those skilled in the art without departing from 
the scope of the present invention as hereinbefore described with reference to the 
accompanying drawings. 

25 

DATED this 6th day of May 1999. 

Sydney Gordon Low 

30 By DAVIES COLLISON CAVE 
Patent Attorneys for the Applicant. 
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